Many definitions of VPNs can be considered:
Definition 1: A VPN is a set of users (devices attached to the network) sharing common membership information and intended to establish inter-site connectivity (within that group). A user can be a member of multiple groups (VPNs).
Definition 2: A VPN is a client private network that subscribes to restricted connectivity services.
Definition 3: A VPN is a service where a customer requests multi-site connectivity services provided through a shared network infrastructure.
Definition 4: A VPN is a service where a partition of internal provider network resources is allocated to a customer.
Using specialized tunneling protocols and optionally secured encryption techniques, data integrity and privacy may be maintained in a VPN.
Categories of VPNs include layer-1, layer-2 and layer-3. “Layer-n” is in reference to the network layer used to perform the hand-off between the customer and provider network.
Layer-1 VPNs can be simple, point-to-point connections such as leased lines, ISDN links, or dial-up connections or Sonet/SDH/Optical private lines. They are known to be simple for the provider, as they place all responsibility for operating the network over the connection on the customer. In other words, the customer needs to provide and manage all the routing and switching equipment that operates over the connection.
Layer-2 VPN is a VPN in which the service provider connects customer sites using leased circuits connecting into a point of presence (POP) or node on a shared core network. Layer-2 VPNs are typically based on Frame Relay, ATM, or Ethernet. Exemplary VPN mechanisms at layer-2 include virtual private LAN service (VPLS) (see Waldemar Augustyn et al, “Requirements for Virtual Private LAN Services (VPLS)”, October 2002) and virtual private wire (VPW) (see Eric Rosen et. al, “L-2 VPN Framework”, February 2003).
Layer-3 VPN is a VPN in which the service provider either supplies a leased IP-based circuit connection between the customer site and the nearest POP on the edge of the service provider network or the client outsource its layer-3 network to the service provider with respect to private route distribution. The service provider takes care of the routing and addressing of the customer traffic. The service provider distributes the IP addressing information for a company across all of its relevant sites. Exemplary VPN mechanisms at layer-3 include virtual routing (VR)—base mechanisms, such as VR using border gateway protocol (BGP) (see Hamid Ould-Brahim et al “Network-based IPN VPN Architecture using Virtual Routers”, July 2002) or VPN-based RFC 2547 bis (see Eric Rosen, et al, “BGP/MPLS VPNs”, October 2002).
There are various possible arrangements for unifying different types of VPNs. In one known network arrangement, two carriers are provided. The first carrier is a provider providing layer-2, or layer-2 and layer-3 VPN services. The second carrier is a sub-provider providing layer-1 or Generalized VPN (GVPN) services. GVPN service (which in this case the first carrier subscribes to) is a VPN service that uses BGP as a VPN auto-discovery (VPN discovery is a process in which VPN routing information is distributed) and generalized multi-protocol label switching (GMPLS) (which will be discussed) as signaling and routing mechanisms. GVPN services can be layer-1 and/or layer-2/3 VPNs.
The known methods for running this network arrangement have problems. In at least one known method, a layer-2 provider edge device must implement a level-2 VPN auto-discovery mechanism. Here the operator needs to configure and manage n2 or a large number of BGP with TCP sessions running on layer-2 VPN provider edge devices across layer-1 VPN connections.